Knock, Knock, Knock
Kelly Martin, 2004-02-20

If hundreds of thousands of people are still blindly clicking on attachments in their email, is there any hope of mitigating the threat of hundreds of thousands of compromised systems with open backdoors?

Knock, Knock, Knock 2004-02-20
Dmitriy (1 replies)
Knock, Knock, Knock 2004-02-24
Keith (4 replies)
Knock, Knock, Knock 2004-02-26
Anonymous
Knock, Knock, Knock 2004-02-27
Farzad
Knock, Knock, Knock 2004-03-01
Anonymous
Knock, Knock, Knock 2004-03-01
www.mobasoft.com
Knock, Knock, Knock 2004-02-20
Anonymous (2 replies)
Knock, Knock, Knock 2004-02-25
Anonymous (1 replies)
Knock, Knock, Knock 2004-03-03
Anonymous
Knock, Knock, Knock 2004-02-21
Anonymous
Ok Double Sided Swords 2004-02-21
Anonymous
Knock, Knock, Knock 2004-02-24
Jack (1 replies)
Knock, Knock, Knock 2004-02-28
Anonymous
Knock, Knock, Knock 2004-02-25
Anonymous
Knock, Knock, Knock 2004-02-26
fndude@hotmail.com
Knock, Knock, Knock 2004-02-27
Anonymous
Pretty easy solution 2004-02-27
Potato Head
About 4 years ago on NT I wrote a little application. It was simple: it ran an executable in a sandbox by shimming / hooking DLLs and only allowed certain functions.

It stopped a lot of buffer overrun type attacks and stopped that stupid mass emailing and the like.

The shimmy to the app returned true to all suspicious calls, e.g. msvcrt.dll command shell, etc. For some shell calls I gave it a bogus address and such, e.g. get hostname, address box was invalid email addresses, etc.

It also ran the executable under a user with less access than guest.

So to help stop this stupidity, a shimmy, sandbox runtime is really helpful.

cheers,
Mr Potato


Link to this comment: http://www.securityfocus.com/comments/columns/221/25205#25205
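
The policy described in the comment above (allow only certain functions, answer "true" to everything else, hand back bogus data for lookups such as the hostname), modelled as an added example that is not the commenter's code. It proxies Python modules rather than hooking NT DLLs, so it illustrates the policy and its audit trail and is not an isolation boundary; `ShimmedModule`, `build_sandbox`, `untrusted_payload` and the decoy values are hypothetical names and constructed data.

```python
import os
import socket


class ShimmedModule:
    """Proxy for a module: allowlisted callables pass through, all others are faked."""

    def __init__(self, real, allowed, decoys=None):
        self._real = real
        self._allowed = frozenset(allowed)
        self._decoys = dict(decoys or {})
        self.audit = []  # (name, args) for every call that was not let through

    def __getattr__(self, name):
        target = getattr(self._real, name)  # unknown names still raise AttributeError
        if not callable(target) or name in self._allowed:
            return target

        def fake(*args, **kwargs):
            # Record the attempt, then pretend it worked so the caller carries on.
            self.audit.append((name, args))
            if name in self._decoys:
                return self._decoys[name](*args, **kwargs)
            return True  # "returned true to all suspicious calls"

        return fake


def build_sandbox():
    """Constructed policy: two harmless os calls allowed, socket lookups get decoys."""
    shim_os = ShimmedModule(os, allowed={"getcwd", "listdir"})
    shim_socket = ShimmedModule(
        socket,
        allowed=set(),
        decoys={
            "gethostname": lambda: "sandbox.invalid",
            "gethostbyname": lambda host: "0.0.0.0",
        },
    )
    return shim_os, shim_socket


def untrusted_payload(os_mod, socket_mod):
    """Constructed stand-in for an attachment that probes the host and shells out."""
    host = socket_mod.gethostname()                        # decoy value
    rc = os_mod.system("echo this never reaches a shell")  # faked, nothing runs
    cwd = os_mod.getcwd()                                  # allowlisted, real result
    return host, rc, cwd
```

The `audit` list is the part worth keeping in any real implementation: every faked call is a record of what the untrusted program tried to do.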
Knock, Knock, Knock 2004-03-01
Robert Townley

Copyright 2007, SecurityFocus